Login  |  Register  |  Contact

A different kind of APT

What happens when you work for a US critical infrastructure company and see strange connections coming into your network from China? Using the real credentials of your top programmer? You crap your pants, that’s what you do. And you figure you have been compromised by the APT and pull the alarms. But what happens when it’s actually something else. Security audit finds dev OUTSOURCED his JOB to China to goof off at work

After getting permission to study Bob’s computer habits, Verizon investigators found that he had hired a software consultancy in Shenyang to do his programming work for him, and had FedExed them his two-factor authentication token so they could log into his account. He was paying them a fifth of his six-figure salary to do the work and spent the rest of his time on other activities.

In retrospect, this is hilarious. Unless it was your firm. The guy paid a group in China 20% of his salary to do all his work, while he spent all day surfing the web and watching a bunch of cat videos. Evidently no one thought to look at the logs from the outbound web filter, which likely would have identified this issue much sooner. Though it makes you wonder how much of this kind of arbitrage is going on, doesn’t it?

—Mike Rothman

No Related Posts
Previous entry: My DHS Beats Your FDA | | Next entry: Friday Summary: January 18, 2013


If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By Bob  on  01/18  at  12:09 AM

If the consultant is shady, it’s a win/win.  Get paid to write and steal code ;-)



Remember my personal information

Notify me of follow-up comments?